Training & Consultancy

Social Engineering & Physical Security

The smoking ban introduced in July 2007 was a triumph for campaigners, but have you ever considered how it may have affected the security of your company? Picture groups of nicotine-craving staff huddled under a shelter right by one of your entrances on a wet and windy winter afternoon: would they take much notice of the lone straggler tailgating them as they rush to get back into the warmth of the building?

Here in the UK we’re often far too polite to confront somebody who may just be legitimately going about their everyday business, but it’s likely this virtue is the reason we miss the occasional person who has malicious intentions.

What happens if the entry card system doesn’t lock the door for over 15 seconds after someone has entered the room? Is anyone keeping an eye out when the security guard steps outside to get some fresh air for five minutes? Would a member of staff readily hold open a usually secure door for a courier holding a large heavy box? Could the helpdesk be too helpful without following correct procedure? Are general procedures explained to a temp drafted in to cover for your receptionist who has come down with the flu?

Regardless of the time and money you’ve spent protecting your network with the latest security products, it is the human element that can often be the weakest link in network security. If you’re a large organisation, would a member of staff on the IT Helpdesk recognise the voice of your Finance Director, or challenge somebody trying to impersonate them and asking for a forgotten password so they can access crucial information from ‘home’?

What about the other aspects of your physical security? Are your server rooms adequately secured from unauthorised access or protected from incidents such as fire or flooding? Are security cameras installed? Is your air-conditioning in the server room at the optimal temperature? Do you have disaster recovery or business contingency planning?

The examples and questions posed above are not just possibilities raised for the purpose of scaremongering; incidents can and do happen, and the most unlikely of scenarios are identified, as NTA has proved successfully when performing social engineering exercises and physical security assessments.

Remember, a chain is only as strong as its weakest link and the same is true of your security.

One of the team is always willing to discuss any specific requirements or questions you might have, so feel free to contact us.